Future (Ethical) Hacker Wants to Understand Computers

Let’s not forget the “grey hats” in the middle, now…

I could write a lot on this topic… but I’m not sure how much detail I can go into without causing trouble.

To keep it short - if what you’re after doing is working as a pen tester for a cybersec consultancy somewhere, doing assurance checks of other people’s web apps and infrastructure, then I would highly recommend that you learn the following:

  • bash shell (Linux, also MacOS I think)
  • Python
  • HTML/CSS obviously, but also JS and SQL

That’s just the tip of the iceberg, though…

3 Likes

Thank you!

I’ve been doing my homework on both these topics and I think I’m figuring out the whole black hat, grey hat, white hat thing…sort of. I heard an opinion expressed somewhere that people talk about black vs. white hats, but that really they seem more to just be varying shades of grey.

Opinions, anyone?

1 Like

From my limited research into ethical hacking, it seems white hat refers to those who only hack into systems after receiving permission from the owner of the system. They try to penetrate the security measures in place, and then work with the owner of the system to beef up the security.

Black hat hackers, are evil scum who hack into systems to steal information, install ransom ware, wreak havoc, etc. Their intent is to do harm to the target, not help anyone (except themselves).

Grey hat hackers may have intentions to help secure a system or network, but don’t get permission before hacking the system. They might hack a system, and then inform the owner how vulnerable they are, and use the fact that their system is vulnerable to convince the owner that they should pay for the hacker’s services. They use illegal measures to possibly do some good in the end.

In my opinion, grey and black should be clearly avoided. White hat hackers provide a valuable service. Black hat is just plain wrong, and grey hat amounts to extortion at best.

Good luck on your journey!

2 Likes

Oh, burn! :laughing: You don’t mince words, man! That was perfect!

So edging into grey usually is a bad plan, too, and even then could get you into trouble. Good to know. Thanks!

2 Likes

So edging into grey usually is a bad plan, too, and even then could get you into trouble. Good to know.

Such as this:

Teen Hacker Whom Apple Reported to FBI Just Wanted a Dang Job

“The teenager, […], apparently believed that once Apple discovered the breach it would offer him a job at the company. Instead, it contacted the FBI, which in turn notified the Australian Federal Police.”

5 Likes

Oh…man, that was not smart, kid! Can I just say this is what happens when Mom and Dad are not paying attention to what their kids are doing on the computer?

2 Likes

There are entire organizations (and companies) whose only pursuit is to scrape information they should not have access to so they can monetize it or gain some political advantage. Some governments are suspected or accused of illegal hacking to gain some leverage over other countries, companies or individuals.

Look up the Cambridge Analytica case from last year. Look at WikiLeaks or anonymous.org.

3 Likes

Perhaps, or perhaps it’s just that nobody made it overwhelmingly clear what would happen if he went down that path? Equally, you’re assuming that the kid’s parents would’ve recognised what was going on even if they’d been aware of it… which isn’t necessarily the case.

1 Like

Eh…that’s true. I guess ignorance could play a large part in it.

I know if I’d tried something like that (assuming I had the ability), I’d have been busted before I got very far, but maybe that’s just because my dad has the knowledge to have known what I was doing.

That was a fair point. :slight_smile:

1 Like

So, in doing a little more poking around on the grey hat issue, I ran across this article:

https://thehacktoday.com/whats-difference-white-hat-grey-hat-black-hat/

This part in particular interested me:

“Grey hat programmers are basically a blend of white caps and black hats. What isolates grey hats from white caps is that they will assault/target black hats to convey them to equity. As a rule there is a ‘hazy area’ which must be crossed to bring down crooks or play out certain activities. This expression is the place the term ‘grey hats’ originates from. By and large, grey hats are well behaved subjects with above normal PC capacities. The most major case of a grey hat programmer would be all the Anonymous individuals conflicting with the Islamic State. They may hack, dox and do whatever is important to cut down enemies. Grey hats are likewise scandalous for working with government offices or police, furnishing them with data/insight/tips. Grey hats have been in the news most as of late to work with the FBI to hack the San Bernardino shooter’s telephone.

So then, maybe there are cases, like in catching criminals, where grey hats would be really useful? Is it any different than hiring a spy, or even a private investigator? I mean, spying can be wrong, too, but sometimes it’s a good thing.

What do you guys think? I’m particularly curious to hear what @midlindner and @mtf have to say about this subject.

Thanks!

1 Like

I actually hadn’t considered the activities listed from the article as grey hat. To me, if you’re working with law enforcement, that’s white hat, but I can see where it would be considered grey hat due to the “hazy area” that law enforcement probably overlooks allowing the grey hats to traverse waters they are forbidden to enter. Personally, I would still shy away from illegal activities regardless of the proposed nobility of the cause. There are plenty of people in jail cells who had good intentions for their actions. It’s illegal to beat people up. If I beat up a known drug dealer, is he really going to call the cops? He might.

3 Likes

I like the way you think.

It isn’t often that the end alone justifies the means.

1 Like